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DETAILED ACTION 

1 . This action is responding to application papers filed on 4-1 2-2004. 

2. Claims 1 - 32 are pending. Claims 1, 8, 18, 21, 25, 29 are independent. 

Claim Rejections - 35 USC § 102 

3. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another 
filed in the United States before the invention by the applicant for patent or (2) a patent granted on an 
application for patent by another filed in the United States before the invention by the applicant for patent, 
except that an international application filed under the treaty defined in section 351 (a) shall have the effects 
for purposes of this subsection of an application filed in the United States only if the international 
application designated the United States and was published under Article 21 (2) of such treaty in the 
English language. 

4. Claims 1 - 32 are rejected under 35 U.S.C. 102(e) as being anticipated by Bosler 
et al. (US Patent No. 20050010757). 

Regarding Claims 1, 21, 25, Bosler discloses a method, comprising the computer 

implemented steps of: 

a) receiving trust information defining one or more trusted signatories; (see Bosler 
paragraph [0058], lines 5-7: public/private key pairs; paragraph [0060], lines 1-6: 
GAs (i.e. trusted signatories) distributing or granting certificates, received by 
user) 
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b) receiving configuration information comprising a hostname, one or more 
configuration directives for a host network element associated with the 
hostname, and one or more digital signatures of the hostname and configuration 
directives; (see Bosler paragraph [0058], lines 5-14: management (i.e. 
configuration) information transferred between manager and client, digital 
signature verification required) 

c) attempting to verify the one or more digital signatures based on the trust 
information; (see Bosler paragraph [0008], lines 7-13: verification digital signature 
based on certificates received from CA (i.e. trust information)) 

d) applying the configuration directives to a network element only when the one of 
more digital signatures are verified successfully, (see Bosler paragraph [0057], 
lines 29-33: utilize directives or commands after digital signature verification) 

Regarding Claims 2, 22, 26, 30, Bosler discloses a method as recited in Claim 1, 
further comprising the steps of 

a) verifying that the one or more digital signatures is valid (see Bosler paragraph 
[0008], lines 7-13: verify digital signature) and 

b) that one or more principals respectively associated with the digital signatures 
have collective authority to perform the directives on the host, (see Bosler 
paragraph [0058], lines 9-14: mutual authentication before directives or 
commands processed) 
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Regarding Claims 3, 4, Bosler discloses a method as recited in Claim 1, further 
comprising the steps of 

a) receiving in association with a particular configuration directive, security 
information defining a number of required signatures and required principals; 
(see Bosler paragraph [0058], lines 21-28: receive security information with 
directive (i.e. command, management message)) 

b) applying the particular configuration directive only when the configuration 
information has the number of required signatures by the required principals and 
only upon successively validating all required signatures, (see Bosler paragraph 
[0058], lines 5-14: digital signature authentication; paragraph [0069], lines 1-5: 
apply directives or commands after authentication) 

Regarding Claims 5, 15, Bosler discloses a, and wherein public keys for the digital 
signatures are stored on the host, (see Bosler paragraph [0073], lines 4-7: security 
information stored in central location (i.e. host system), (i.e. option, each individual 
system or host)) 

Regarding Claims 6, 16, Bosler discloses a method as recited in Claim 1, wherein the 
digital signatures use public key cryptography, wherein public keys for the digital 
signatures are stored on a key server and retrieved from the key server as part of 
attempting to validate the digital signatures, (see Bosler paragraph [0007], lines 6-8: 
public key cryptography authentication; paragraph [0073], lines 4-7; paragraph [0060], 
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lines 1-6: security information stored in central location or in each individual system or 
host, certification server (i.e. key server)) 

Regarding Claims 7, 17, Bosler discloses a method as recited in Claim 1, wherein the 
digital signatures use public key cryptography, and wherein public keys for the digital 
signatures received in a digital certificate and extracted from the digital certificate as 
part of attempting to validate the digital signatures, (see Bosler paragraph [0058], lines 
5-7: public/private key pair; paragraph [0060], lines 1-6: Certificate Authority (CA) , 
public key certificate; paragraph [0008], lines 7-13: verification (i.e. validation) with 
digital signature) 

Regarding Claim 8. Bosler discloses a method, comprising the computer 
implemented steps of: 

a) receiving a public key for a user of the network devices; receiving trust 
information defining one or more trusted signatories; (see Bosler paragraph 
[0058], lines 5-7: public/private key pairs; paragraph [0060], lines 1-6: CAs (i.e. 
trusted signatories) distributing or granting certificates) 

b) receiving configuration control information that includes a time period during 
which a valid digital signature is required for applying one or more particular 
configuration directives; (see Bosler paragraph [0071], lines 1-13; paragraph 
[0073], lines 77-22: time-based certificate, directive authentication) 
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c) receiving configuration information comprising a hostname, one or more 
configuration directives for a host network element associated with the 
hostname, one or more digital signatures of the hostname and configuration 
directives, and a date time value; (see Bosler paragraph [0058], lines 5-14: 
management (i.e. configuration) information transferred between manager and 
client, digital signature verification required) 

d) determining if the date time value is within the time period; (see Bosler paragraph 
[0073], lines 17-22: time based verification for certificate, time period valid) 

e) determining if the one or more configuration directives have been previously 
received during the time period; (see Bosler paragraph [0069], lines 1-5: process 
configuration directive(s), commands) and 

f) only when the date time value is within the time period (see Bosler paragraph 
[0073], lines 17-22: time based certificate) and the one or more configuration 
directives have not been previously received during the time period, attempting to 
verify the one or more digital signatures based on the trust information, and 
applying the configuration directives to a network element only when the one or 
more digital signatures are verified successfully, (see Bosler paragraph [0058], 
lines 5-14: apply directives when digital signature authenticated) 

Regarding Claims 9, 10, Bosler discloses a method as recited in Claim 8, wherein the 
step of determining if the one or more configuration directives have been previously 
received during the time period comprises the steps of 
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a) generating a secure hash of the one or more configuration directives; (see Bosler 
paragraph [0078], lines 3-15: generate secure hash value for authentication) 

b) determining if the secure hash is found in non volatile memory, (see Bosler 
paragraph [0078], lines 3-15; paragraph [0067], lines 4-8: memory, workspace for 
data processing: memory (i.e. non-volatile)) 

Regarding Claim 11, Bosler discloses a method as recited in Claim 8, further 
comprising the step of storing the secure hash in non volatile memory, in association 
with an expiration value, when the date time value is within the time period and the one 
or more configuration directives have not been previously received during the time 
period, (see Bosler paragraph [0067], lines 4-8: memory, workspace for data 
processing; paragraph [0071], lines 1-13; paragraph [0073], lines 4-7: time-based 
certificates; paragraph [0078], lines 3-15: hash (i.e. digest) values utilized for 
authentication) 

Regarding Claim 12, Bosler discloses a method as recited in Claim 8, further 
comprising the steps of verifying that the one or more digital signatures is valid and that 
one or more principals respectively associated with the digital signatures have collective 
authority to perform the directives on the host, (see Bosler paragraph [0058], lines 5-14: 
mutual authentication required before directive(s) or command(s) implemented) 
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Regarding Claims 13, 14, Bosler discloses a method as recited in Claim 8, further 
comprising the steps of 

a) receiving, in association with a particular configuration directive, security 
information defining a number of required signatures and required principals; 
(see Bosler paragraph [0058], lines 21-28: key, security information received with 
directive or command) 

b) applying the particular configuration directive only when the configuration 
information has the number of required signatures by the required principals and 
only upon successively validating all required signatures, (see Bosler paragraph 
[0058], lines 5-14; paragraph [0069], lines 1-5: validate digital signature, process 
directive or command) 

Regarding Claim 18, Bosler discloses a method for verifying configuration changes for 
network devices using digital signatures, comprising the computer implemented steps 
of: 

a) receiving a public key for a user of the network devices; (see Bosler paragraph 
[0058], lines 5-7: public/private key pairs; paragraph [0060], lines 1-6: CAs (i.e. 
trusted signatories) distributing or granting certificates (i.e. public key certificate), 
received by user) 

b) receiving configuration control information that includes a time period during 
which a valid digital signature is required for applying one or more particular 
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configuration directives to a specified network device; (see Bosler paragraph 
[0071], lines 1-13; paragraph [0073], lines 17-22: time based certificate) 

c) receiving configuration information comprising a hostname, one or more 
configuration directives for the specified network device associated with the 
hostname, one or more digital signatures of the hostname and configuration 
directives, and a date time value; (see Bosler paragraph [0058], lines 5-14: 
management (i.e. configuration) information transferred between manager and 
client, digital signature verification required) 

d) determining if the date time value is within the time period; (see Bosler paragraph 
[0073], lines 17-22: time based certificate, time period valid) 

e) determining if the one or more configuration directives have been previously 
received during the time period, by generating a secure hash of the one or more 
configuration directives and determining if the secure hash is found in memory; 
(see Bosler paragraph [0078], lines 3-15: hash (i.e. digest) utilized) and 

f) only when the date time value is within the time period and the one or more 
configuration directives have not been previously received during the time period, 
(see Bosler paragraph [0073], lines 17-22: time-based certificate, time period 
valid) 

performing the steps of: 

g) attempting to verify the one or more digital signatures based on generating a 
secure hash of the one or more configuration directives using the public key and 
comparing the secure hash to the one or more digital signatures, and applying 
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the configuration directives to a network element only when the one or more 
digital signatures are verified successfully, (see Bosler paragraph [0078], lines 3- 
15: hash generation, authentication) 

Regarding Claims 19, 23, 31, Bosler discloses a method as recited in any of Claims 1, 
8, or 18, wherein the one or more digital signatures comprise a first digital signature of 
the one or more configuration directives by a first user, and a second digital signature 
by a second user, wherein the second digital signature is applied to a resultant of the 
first digital signature, (see Bosler paragraph [0078], lines 7-15: comparison (i.e. is 
applied) of resultant hashes (i.e. digest, digital signature) for authentication) 

Regarding Claims 20, 24, 32, Bosler discloses a method as recited in any of Claims 1, 
8, or 18, wherein the one or more digital signatures comprise a first digital signature of a 
first portion of the one or more configuration directives by a first user, a second digital 
signature of a second portion of the one or more configuration directives by a second 
user, and a third digital signature by a third user, wherein the third digital signature is 
applied to a resultant of the first digital signature and the second digital signature, (see 
Bosler paragraph [0078], lines 7-15: comparison (i.e. is applied) of resultant hashes (i.e. 
digest, digital signature) for authentication) 

Regarding Claim 27, Bosler discloses an apparatus as recited in Claim 25, wherein the 
one or more digital signatures comprise a first digital signature of the one or more 
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configuration directives by a first user, and a second digital signature by a second user, 
wherein the second digital signature is applied to a resultant of the first digital signature, 
(see Bosler paragraph [0078], lines 7-15: comparison (i.e. is applied) of resultant 
hashes (i.e. digest, digital signature) for authentication) 

Regarding Claim 28, Bosler discloses an apparatus as recited in Claim 25, wherein the 
one or more digital signatures comprise a first digital signature of a first portion of the 
one or more configuration directives by a first user, a second digital signature of a 
second portion of the one or more configuration directives by a second user, and a third 
digital signature by a third user, wherein the third digital signature is'applied to a 
resultant of the first digital signature and the second digital signature, (see Bosler 
paragraph [0078], lines 7-15: comparison (i.e. is applied) of resultant hashes (i.e. digest, 
digital signature) for authentication) 

Regarding Claim 29, Bosler discloses An apparatus for verifying configuration changes 
for network devices using digital signatures, comprising: a network interface that is 
coupled to the data network for receiving one or more packet flows therefrom; 

a) a processor; (see Bosler paragraph [0067], lines 4-8: processor) 

one or more stored sequences of instructions which, when executed by the 
processor, cause the processor to carry out the steps of: 

b) receiving trust information defining one or more trusted signatories; (see Bosler 
paragraph [0058], lines 5-7: public/private key pairs; paragraph [0060], lines 1-6: 
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CAs (i.e. trusted signatories) distributing or granting certificates, received by 
user) 

c) receiving configuration information comprising a hostname, one or more 
configuration directives for a host network element associated with the 
hostname, and one or more digital signatures of the hostname and configuration 
directives; (see Bosler paragraph [0058], lines 5-14: management (i.e. 
configuration) information transferred between manager and client, digital 
signature verification required) 

d) attempting to verify the one or more digital signatures based on the trust 
information; (see Bosler paragraph [0008], lines 7-13: verify digital signature) 

e) applying the configuration directives to a network element only when the one or 
more digital signatures are verified successfully, (see Bosler paragraph [0058], 
lines 5-14; paragraph [0069], lines 1-5: signature verification, process directive) 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Carlton V. Johnson whose telephone number is 571- 
270-1032. The examiner can normally be reached on Monday thru Friday , 8:00 - 
5:00PM EST. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Nasser Moazzami can be reached on 571-272-4195. The fax phone 
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number for the organization where this application or proceeding is assigned is 571- 
273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 




Carlton V. Johnson 
nasser moazzami Examiner 



